1 Scope

The present document defines a protocol used for manipulating data related to PSTN/ISDN Simulation services. The
protocol is based on the eXtensible Markup Language (XML) Configuration Access Protocol (XCAP) (see
bibliography). A new XCAP application usage is defined for the purpose of manipulating PSTN/ISDN Simulation
services data. The common XCAP related aspects that are applicable to PSTN/ISDN services are specified in the
present document. The protocol allows authorized users to manipulate service-related data either when they are
connected to IMS or when they are connected to non-IMS networks (e.g. the public Internet).



2 References

The following documents contain provisions which, through reference in this text, constitute provisions of the present 
document. 



• References are either specific (identified by date of publication and/or edition number or version number) or 
non-specific. 

• For a specific reference, subsequent revisions do not apply. 

• For a non-specific reference, the latest version applies. 

Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.

[1] IETF RFC 2616 (June 1999): "Hypertext Transfer Protocol - HTTP/1.1".

[2] W3C RFC REC-xmlschema-1-20010502 (May 2001): "XML Schema Part 1: Structures".

[3] IETF RFC 2617 (June 1999): "HTTP Authentication: Basic and Digest Access Authentication".

[4] IETF RFC 2246 (January 1999): "The TLS Protocol Version 1.0".

[5] ETSI TS 124 109: "Universal Mobile Telecommunications System (UMTS); Bootstrapping
interface (Ub) and network application function interface (Ua); Protocol details (3GPP TS 24.109
Release 6)".

[6] ETSI TS 133 222: "Universal Mobile Telecommunications System (UMTS); Generic
Authentication Architecture (GAA); Access to network application functions using Hypertext
Transfer Protocol over Transport Layer Security (HTTPS) (3GPP TS 33.222 Release 6)".

[7] ETSI TS 187 001: "TISPAN-NGN Security (NGN-SEC); Requirements - NGN Release 1". 



3 Definitions and abbreviations 

3.1 Definitions 

For the purposes of the present document, the terms and definitions given in draft-ietf-simple-xcap (see bibliography) 
apply. 

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

AP      Authentication Proxy
AS      Application Server
AUID    Application Unique ID
HTTP    HyperText Transfer Protocol
ISDN    Integrated Services Digital Network
MIME    Multipurpose Internet Mail Extensions
NAF     Network Application Function
NGN     Next Generation Network
PSTN    Public Switched Telephone Network
TLS     Transport Layer Security
UE      User Equipment
URI     Uniform Resource Identifier
XCAP    XML Configuration Access Protocol
XML     eXtensible Markup Language



4 Architecture for manipulating NGN PSTN/ISDN simulation services settings

The protocol described in the present document allows manipulation of settings and variables that influence the
execution of one or more PSTN/ISDN simulation services. Manipulation of supplementary services takes place over the
Ut interface (UE to AS), as shown in figure 1.



UE ---- Ut ---- AS

Figure 1: Ut interface

The stage 1 security requirements affecting XCAP are documented in TS 187 001 [7]. 

Manipulation of services does not usually take place during real-time operation. Typically users manipulate their 
services configuration data prior to the invocation and execution of the service. 

Authentication of the user with HTTP may take place directly at the AS, such as in figure 1, or with the support of an 
Authentication Proxy, such as in figure 2. The architecture for authentication is provided in TS 187 003 (see 
bibliography) with the remark that the Network Application Function (NAF) is effectively an AS providing an NGN 
PSTN/ISDN simulation service in an NGN. 



UE ---- Ut ---- Authentication Proxy ---- Ut ---- AS

Figure 2: Authentication proxy in the Ut interface path

5 The eXtensible Markup Language (XML) Configuration Access Protocol (XCAP)

5.1 Introduction

For the purpose of manipulating data stored in an application server the XML Configuration Access Protocol
(XCAP) (see bibliography) is used. XCAP allows a client to read, write and modify application configuration data,
stored in XML format on a server. XCAP maps XML document sub-trees and element attributes to HTTP URIs, so that
these components can be directly accessed by HTTP [1]. XCAP uses the HTTP methods PUT, GET, and DELETE to
operate on XML documents stored in the server.

In the case of PSTN/ISDN simulation services, the data stored in a server is related to the execution of that given 
service. The present document defines a new XCAP Application Usage for the purpose of allowing a client to 
manipulate data related to PSTN/ISDN simulation services. 

XCAP (see bibliography) defines two logical roles: XCAP client and XCAP servers. An XCAP client is an HTTP/1.1
compliant client. Similarly an XCAP server is an HTTP/1.1 compliant server. The XCAP server acts as a repository of
XML documents that customize and modify the execution of NGN PSTN/ISDN simulation services. Figure 3 depicts
the XCAP architecture where an XCAP client sends an HTTP/1.1 request to an XCAP server. The server replies with an
HTTP/1.1 response.

XCAP client ---- HTTP request ----> XCAP server
XCAP client <--- HTTP response ---- XCAP server

Figure 3: XCAP architecture

According to XCAP (see bibliography), each application that makes use of XCAP defines its own XCAP application 
usage. The present document defines an NGN PSTN/ISDN simulation services XCAP application usage in clause 6. 
This application usage defines the XML schema [2] for the data used by the application, along with other key pieces of 
information. 

XCAP focuses on the definition of XML documents that are compliant with the XML schema and constraints defined
for a particular XCAP application usage. XCAP allows applications to provide XML documents that are common for all
users or XML documents that affect the service of a given user.

Central to XCAP is the construction of the HTTP URI that points to a particular XML document or certain components of
it. A component in an XML document can be an XML element, attribute, or the value of it.



5.2 



Functional entities 



5.2.1 User Equipment (UE) 
5.2.1.1 General 

The UE implements the role of an XCAP client, as described in clause 5.3.1. 

The UE shall implement HTTP Digest access authentication (RFC 2617 [3]). 

The UE shall implement Transport Layer Security (TLS) (see RFC 2246 [4]). 

On sending an HTTP request, the UE may indicate the user's identity intended to be used with the AS by adding an
HTTP X-3GPP-Intended-Identity header (TS 124 109 [5]) to the outgoing HTTP request.

5.2.1.2 Subscription for notification of state changes in XML document

In order to keep the simulation services state synchronized with the network elements and other terminals that the user 
might be using, the UE should subscribe to changes in the XCAP simserv documents by generating a SUBSCRIBE 
request in accordance with draft-ietf-simple-xcap-package and draft-ietf-sipping-config-framework (see bibliography). 

5.2.2 Authentication Proxy (AP) 

5.2.2.1 Introduction 

An Authentication Proxy is an HTTP/1.1 [1] compliant server whose main purpose is to authenticate the user requests.
The Authentication Proxy is used to separate the authentication procedure and the Application Server (AS) specific
application logic to different logical entities.

The AP is configured as an HTTP reverse proxy, i.e. the FQDN of the AS is configured to the AP in such a way that the IP
traffic intended for the AS is directed to the AP by the network. The AP performs the authentication of the UE. After the
authentication procedure has been successfully completed, the AP assumes the typical role of a reverse proxy, i.e. the
AP forwards HTTP requests originating from the UE to the correct AS, and returns the corresponding HTTP responses
from the AS to the originating UE.

The AP allows authorized users to manipulate services when they are connected to an IMS network or when they are 
connected to a non-IMS network (e.g. the public Internet). Authentication details can differ in both situations. 
Provisioning of credentials to authenticate the user is outside the scope of the present document. TS 187 003 (see 
bibliography) provides further architectural authentication details. 

5.2.2.2 Authentication 

On receiving an HTTP request, the AP shall first determine the mechanism used to authenticate the user. If the request 
is received in the context of a valid TLS connection, then the AP shall attempt to authenticate the user via the 
mechanisms specified in TS 133 222 [6] and then the AP shall follow the procedures indicated in clause 5.2.2.2.1. If the 
request is received outside the context of a valid TLS connection, then the AP shall attempt to authenticate the user with 
HTTP Digest authentication and then follow the procedures indicated in clause 5.2.2.2.2. 

5.2.2.2.1 Authentication based on the generic authentication architecture 

On receiving an HTTP request that contains the Authorization header field, the AP shall: 

a) use the value of the username parameter of the Authorization header field to authenticate the user;

b) apply the procedures specified in RFC 2617 [3] for authentication;

c) if the HTTP request contains an X-3GPP-Intended-Identity header field (TS 124 109 [5]), then the AP may
verify that the user identity belongs to the subscriber. This verification of the user identity shall be performed
dependent on the subscriber's application specific or AP specific user security settings;

d) if authentication is successful, remove the Authorization header field from the HTTP request; 

e) insert an HTTP X-3GPP-Asserted-Identity header field (TS 124 109 [5]) that contains the asserted identity or a 
list of identities; and 

f) forward the HTTP request to the appropriate AS. 

On receiving an HTTP response for the previous request, the AP shall: 

a) add an Authentication-Info header field in accordance with the procedures described in TS 133 222 [6]; and

b) forward the response to the XCAP client. 

On receiving an HTTP request that does not contain the Authorization header field, the AP shall: 

a) challenge the user by generating a 401 Unauthorized response according to the procedures specified 
in TS 133 222 [6] and RFC 2617 [3]; and 
b) forward the 401 Unauthorized response to the sender of the HTTP request.

5.2.2.2.2 HTTP digest authentication 

On receiving an HTTP request that does not contain an Authorization header the AP shall: 

a) challenge the user by generating a 401 Unauthorized response that contains the proper Digest authentication 
parameters (e.g. realm), according to RFC 2617 [3]. Provisioning of credentials to authenticate the user is 
outside the scope of the present document; and 

b) forward the 401 Unauthorized response to the sender of the HTTP request.

On receiving an HTTP request that contains an Authorization header field, the AP shall:

a) apply the authentication procedures defined in RFC 2617 [3]; and 

b) authorize or deny authorization depending on the authenticated identity. 

5.2.2.3 Authorization 

The AP shall be able to decide whether a particular subscriber, i.e. the UE, is authorized to access a particular AS. In
doing so, the AP may use the User Security Settings specified in TS 124 109 [5].

The AP may indicate an asserted identity or a list of identities to the AS by adding an HTTP X-3GPP-Asserted-Identity
header field to the HTTP requests prior to forwarding the request to the AS. In case of multiple identities, they shall be
separated by comma (,) and each identity shall be surrounded by quotation marks ("). Whether the AP supports this
handling of an asserted identity or a list of identities shall depend on local policy in the AP. In addition the
subscriber's application specific or AP specific user security settings may be considered.

The AP may indicate an authorization flag or a list of authorization flags from the application specific user security
settings (USS) to the AS by adding an HTTP X-3GPP-Authorization-Flags header field to the HTTP request prior to
forwarding it to the XCAP server. The HTTP X-3GPP-Authorization-Flags header field shall contain a list of authorization
flags separated by comma (,) and each authorization flag is surrounded by quotation marks ("). Whether the AP supports
this handling of authorization flags from USS shall depend on local policy in the AP.

5.2.3 Application Server (AS) 

5.2.3.1 General 

An Application Server implements the role of an XCAP server as described in clause 5.3.2.

The AS shall implement HTTP Digest access authentication (RFC 2617 [3]).

The AS shall implement Transport Layer Security (TLS) (see RFC 2246 [4]).

5.2.3.2 Authentication and authorization 

If an Authentication Proxy (AP) is provided in the path of the HTTP request, then the AS receives an HTTP request
from a trusted source (the AP) that contains an HTTP X-3GPP-Asserted-Identity header (TS 124 109 [5]) that includes
an asserted identity of the user. In this case the AS does not need to authenticate the user, but just provides authorization
to access the requested resource.

If an HTTP X-3GPP-Asserted-Identity header (TS 124 109 [5]) is not present in the HTTP request or if the request is 
received from a non-trusted source, then the AS needs to authenticate the user prior to providing authorization to the 
XCAP resource by applying the procedures described in clause 5.2.3.2.1. 
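
The header handling of clauses 5.2.2.2.1, 5.2.2.3 and 5.2.3.2 can be sketched as follows. This is an added example, not code from the present document: it assumes that the AS recognises its trusted source by network address, that a single identity is quoted like a list entry, and that a malformed header is treated as absent; the addresses and identities are constructed.

```python
import ipaddress

ASSERTED = "X-3GPP-Asserted-Identity"
# Assumption: the AS recognises its trusted source (the AP) by network address.
TRUSTED_AP_NETS = [ipaddress.ip_network("192.0.2.10/32")]  # constructed value


def format_identity_list(identities):
    """Clause 5.2.2.3 layout: every identity in quotation marks, comma separated."""
    if not identities:
        raise ValueError("at least one identity is required")
    for ident in identities:
        if not ident or any(c in ident for c in '"\r\n'):
            raise ValueError("identity cannot be carried in the header: %r" % ident)
    return ",".join('"%s"' % ident for ident in identities)


def _skip_ws(text, pos):
    while pos < len(text) and text[pos] in " \t":
        pos += 1
    return pos


def parse_identity_list(value):
    """Strictly parse the quoted list; anything else raises ValueError."""
    identities, pos = [], 0
    while True:
        pos = _skip_ws(value, pos)
        if pos >= len(value) or value[pos] != '"':
            raise ValueError("expected an opening quotation mark")
        end = value.find('"', pos + 1)
        if end <= pos + 1:
            raise ValueError("empty or unterminated identity")
        identities.append(value[pos + 1:end])
        pos = _skip_ws(value, end + 1)
        if pos >= len(value):
            return identities
        if value[pos] != ",":
            raise ValueError("expected a comma between identities")
        pos += 1


def ap_forward(headers, authenticated_identities):
    """AP side, steps d) to f) of clause 5.2.2.2.1, after successful authentication."""
    # Dropping an X-3GPP-Asserted-Identity supplied by the client is not listed
    # in the clause; it is added here as hardening so the AS only sees the AP's value.
    dropped = ("authorization", ASSERTED.lower())
    forwarded = {k: v for k, v in headers.items() if k.lower() not in dropped}
    forwarded[ASSERTED] = format_identity_list(authenticated_identities)
    return forwarded


def as_decide(peer_ip, headers):
    """AS side, clause 5.2.3.2: ("authorize", identities) or ("authenticate", None)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get(ASSERTED.lower())
    trusted = any(ipaddress.ip_address(peer_ip) in net for net in TRUSTED_AP_NETS)
    if not trusted or value is None:
        return ("authenticate", None)  # HTTP Digest, clause 5.2.3.2.1
    try:
        return ("authorize", parse_identity_list(value))
    except ValueError:
        return ("authenticate", None)  # assumption: malformed counts as absent
```
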



ETSI TS 183 023 V1.1.1 (2005-09)

5.2.3.2.1 HTTP digest authentication 

On receiving an HTTP request that does not contain an Authorization header the AS shall: 

a) challenge the user by generating a 401 Unauthorized response that contains the proper Digest authentication 
parameters (e.g. realm), according to RFC 2617 [3]. Provisioning of credentials to authenticate the user is 
outside the scope of the present document; and 

b) forward the 401 Unauthorized response to the sender of the HTTP request.

On receiving an HTTP request that contains an Authorization header, the AS shall:

a) apply the authentication procedures defined in RFC 2617 [3]; and 

b) authorize or deny authorization depending on the authenticated identity. 

5.2.3.3 Subscription acceptance and notification of state changes in XML document 

When the AS receives a SUBSCRIBE request having the Event header field value set to "sip-profile", the AS shall first 
authenticate the source of the SUBSCRIBE request and then perform authorization. Afterwards, the AS shall generate a 
response to the SUBSCRIBE request and notifications in accordance with draft-ietf-simple-xcap-package and 
draft-ietf-sipping-config-framework (see bibliography). 

5.3 Roles 

5.3.1 XCAP client 

5.3.1.1 Introduction 

The XCAP client is a logical function as defined in draft-ietf-simple-xcap (see bibliography). The XCAP client provides 
the means to manipulate the general data, such as configuration settings related to NGN PSTN/ISDN simulation 
services. 

NOTE: In order to be able to manipulate data stored on the XCAP server, the XCAP client needs to know the 
XCAP root directory on the XCAP server and the user's directory name. It is assumed that these values 
are pre-provisioned or the UE uses some means to discover it. Discovery mechanisms are outside the 
scope of the present document. 

5.3.1.2 Manipulating NGN PSTN/ISDN simulation services

When the XCAP client intends to manipulate a resource list, it shall generate an HTTP PUT, HTTP GET or 
HTTP DELETE request in accordance with draft-ietf-simple-xcap (see bibliography) and the NGN PSTN/ISDN 
simulation services application usage specified in clause 6. 

5.3.2 XCAP server 

5.3.2.1 Introduction 

The XCAP server is a logical function as defined in draft-ietf-simple-xcap (see bibliography). The XCAP server can 
store data related to the configuration of NGN PSTN/ISDN simulation services. The XCAP server shall provide or deny 
authorization to access XCAP resources by authenticated users. 

5.3.2.2 Manipulation acceptance 

When the XCAP server receives an HTTP PUT, HTTP GET or HTTP DELETE request for manipulating or fetching a
resource list, the XCAP server shall first authenticate the request and then perform authorization. Clause 5.2.2 provides
more details on the authentication and authorization of HTTP requests.

Afterwards the XCAP server shall perform the requested action and generate a response in accordance with
draft-ietf-simple-xcap (see bibliography) and the NGN PSTN/ISDN simulation services application usage specified in
clause 6.



6 NGN PSTN/ISDN simulation services XCAP application usage

6.1 Structure of the XML document

XCAP provides for the existence of application usages that define the conventions and constraints related to the
manipulation of XML documents in an XCAP server. The present document defines an NGN PSTN/ISDN simulation
services XCAP application usage. This application usage is common for a variety of PSTN/ISDN simulation services
defined by NGN Release 1. Further releases may extend this application usage when deemed practical.

The present document follows a modular approach, as depicted in figure 4. We provide for the existence of a simservs
XML document that contains the data associated with a number of NGN PSTN/ISDN simulation services. The simservs
XML document is composed of a common part, defined by the present document, and a number of XML subdocuments
corresponding to each of the NGN PSTN/ISDN simulation services. This modular approach has significant advantages.
Particularly, it is versatile enough to allow any number of configurations. For example, in one configuration, an XCAP
server might be managing a given server. In this case, the simservs XML document will contain one subtree per service.
In another configuration, each service is managed in its own XCAP server, in which case the XML document in each
XCAP server will contain the common parts and a single XML subtree that manages the service. Yet in a third
configuration the XCAP server stores several XML documents, each document managing one or more services.

The XML schema for the simservs XML document, including the common parts, is specified in clause 6.3 of the 
present document. This XML schema allows for each of the individual XML schemas pertaining to a particular service 
to import the common parts XML schema. Each XML subdocument affects the settings of a PSTN/ISDN simulation 
service (or group of related PSTN/ISDN simulation services). The XML schema of each of the PSTN/ISDN simulation 
services is specified in its own specification. A template of the XML schema for a PSTN/ISDN simulation service is 
provided in clause 6.4. 













[Figure: the NGN PSTN/ISDN Simulation Services XML document contains the Common parts and the subdocuments
NGN PSTN/ISDN Simulation Service 1, NGN PSTN/ISDN Simulation Service 2, ..., NGN PSTN/ISDN Simulation Service n]

Figure 4: Structure of an NGN PSTN/ISDN simulation services XML document

The simservs XML document starts with a <simservs> root XML element that can contain one or more child elements
pertaining to PSTN/ISDN simulation services. Each of these service elements can contain an "active" attribute that
indicates whether the service is activated or not. When the "active" attribute is absent on a service element, it indicates
that the service is activated. Elements and attributes from different namespaces can be present as well.
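
A reader of the simservs document has to apply the "absent means activated" rule and the xs:boolean lexical forms together. The following is an added example, not part of the present document: the service element names and the vendor namespace in the sample are hypothetical, and the rejection of DTDs is a precaution chosen for this example rather than a requirement stated here.

```python
import xml.etree.ElementTree as ET

SIMSERVS_NS = "urn:org:etsi:ngn:params:xml:ns:simservs"

# Constructed sample; element names and the vendor namespace are hypothetical.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<simservs xmlns="urn:org:etsi:ngn:params:xml:ns:simservs"
          xmlns:v="urn:example:vendor">
  <service-a active="true"/>
  <service-b active="0"/>
  <service-c/>
  <v:extension active="false"/>
</simservs>"""

# Lexical forms allowed by xs:boolean, the type of the "active" attribute.
_XS_BOOLEAN = {"true": True, "1": True, "false": False, "0": False}


def service_states(document):
    """Map each service element (simservs namespace) to its activation state."""
    data = document.encode("utf-8") if isinstance(document, str) else document
    if b"<!DOCTYPE" in data:
        # Precaution of this example: a simservs document needs no DTD.
        raise ValueError("DTDs are not accepted in a simservs document")
    root = ET.fromstring(data)
    if root.tag != "{%s}simservs" % SIMSERVS_NS:
        raise ValueError("root element is not <simservs> in the default namespace")
    states = {}
    for child in root:
        tag = child.tag
        ns, local = tag[1:].split("}", 1) if tag.startswith("{") else ("", tag)
        if ns != SIMSERVS_NS:
            continue  # elements from other namespaces may be present; not handled here
        raw = child.get("active")
        if raw is None:
            states[local] = True  # absent attribute: the service is activated
            continue
        value = raw.strip(" \t\r\n")
        if value not in _XS_BOOLEAN:
            raise ValueError("invalid xs:boolean for %s: %r" % (local, raw))
        states[local] = _XS_BOOLEAN[value]
    return states
```
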



6.2 XCAP application usage 



XCAP requires application usages to fulfil a number of steps in the definition of such application usage. The remainder
of this clause specifies the required definitions of the NGN PSTN/ISDN simulation services XCAP Application Usage.

Application Unique ID (AUID): Each XCAP application usage is associated with a unique name called the 
Application Unique ID (AUID). The AUID defined by this application usage falls into the vendor-proprietary 
namespace of XCAP AUID, where ETSI is considered a vendor. 

The AUID allocated to the NGN PSTN/ISDN simulation services XCAP application usage is:

simservs.ngn.etsi.org

XML schema: Implementations in compliance with the present document shall implement the XML schema defined in
clause 6.3. Additionally, each PSTN/ISDN simulation service (or group of them) is modelled with an XML subdocument
that is validated according to a specific XML schema for that subdocument. The XML schema that affects the settings 
of the related service is specified in the specification of the given PSTN/ISDN simulation service. Clause 6.4 provides a 
template that shall be used for the XML schema defined by each of the PSTN/ISDN simulation services that implement 
XML schemas for data manipulation. 

Default namespace: XCAP requires application usages to declare the default namespace. The default namespace of the 
NGN PSTN/ISDN simulation services XCAP application usage is: 

urn:org:etsi:ngn:params:xml:ns:simservs

MIME type: The MIME type of NGN PSTN/ISDN simulation services XML documents is: 

application/simservs+xml 

Validation constraints: The present document does not specify any additional constraint beyond those defined by 
XCAP (see bibliography). Note, however, that each of the supplementary services may specify additional constraints on 
each of the XML subdocuments. 

Data semantics: The XML schema does not accept URIs that could be expressed as a relative URI reference causing a 
resolution problem. However, each of the supplementary services should consider if relative URIs are allowed in the 
subdocument tree, and in that case, they should indicate how to resolve relative URI references. In the absence of 
further indications, relative URI references should be resolved using the document URI as the base of the relative URI 
reference. 

Naming conventions: By default, NGN PSTN/ISDN simulation services XML documents are stored under the user's 
Home Directory (which is located under the "users" sub-tree). In order to facilitate the manipulation of an NGN 
PSTN/ISDN simulation services XML document, we define a default XML file name: 

simservs.xml

Resource interdependencies: The present document does not specify additional resource interdependency beyond 
those specified in the XML schema and beyond any resource interdependency that may be specified in each of the NGN 
PSTN/ISDN simulation services. 

Authorization policies: The default XCAP (see bibliography) authorization policy is used in the application usage 
defined by the present document. 

NOTE: The default policy indicates that the creator of the XML document is the one authorized to manipulate it. 
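
The AUID, the "users" sub-tree and the default file name combine into the document URI, and the default authorization policy can then be checked against that path. This is an added example, not part of the present document: the path layout (root, AUID, "users", user directory, document, "/~~/" before a node selector) is the one defined by XCAP, the XCAP root "/xcap-root" and all identities are constructed, and the owner of the user directory is assumed to be the creator of the document.

```python
from urllib.parse import quote, unquote

AUID = "simservs.ngn.etsi.org"
DEFAULT_DOC = "simservs.xml"


def document_uri(xcap_root, user, doc=DEFAULT_DOC):
    """Client side: URI of a user's simservs document under the "users" sub-tree."""
    return "%s/%s/users/%s/%s" % (
        xcap_root.rstrip("/"), AUID, quote(user, safe=":@"), doc)


def parse_simservs_path(xcap_root_path, request_target):
    """Server side: split a request target into (user, document, node selector)."""
    path = request_target.split("?", 1)[0]
    doc_part, sep, node = path.partition("/~~/")
    prefix = xcap_root_path.rstrip("/") + "/" + AUID + "/users/"
    if not doc_part.startswith(prefix):
        raise ValueError("not a user document of this application usage")
    segments = doc_part[len(prefix):].split("/")
    if len(segments) != 2 or not all(segments):
        raise ValueError("expected <user directory>/<document>")
    user, doc = (unquote(s) for s in segments)
    for decoded in (user, doc):
        # Refuse anything that could change the directory after decoding.
        if "/" in decoded or "\\" in decoded or decoded in (".", ".."):
            raise ValueError("path segment escapes the user directory")
    return user, doc, (node if sep else None)


def is_authorized(authenticated_identities, request_target,
                  xcap_root_path="/xcap-root"):
    """Default policy as modelled here: only the owner of the user directory
    (assumed to be the creator of the document) may manipulate it."""
    try:
        user, _doc, _node = parse_simservs_path(xcap_root_path, request_target)
    except ValueError:
        return False
    return user in authenticated_identities
```
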

6.3 XML schema



<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:org:etsi:ngn:params:xml:ns:simservs"
    xmlns:ss="urn:org:etsi:ngn:params:xml:ns:simservs"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    elementFormDefault="qualified"
    attributeFormDefault="unqualified">

  <!-- The element "simservs" maps to the Common Parts of an NGN PSTN/ISDN
       Simulation services document -->
  <xs:element name="simservs">
    <xs:annotation>
      <xs:documentation>XML Schema for data manipulation of ETSI
        NGN PSTN/ISDN Simulation Services
      </xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="ss:absService" minOccurs="0" maxOccurs="unbounded"/>
        <xs:any namespace="##other" processContents="lax"
                minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:anyAttribute namespace="##any" processContents="lax"/>
    </xs:complexType>
  </xs:element>

  <xs:element name="absService" abstract="true" type="ss:simservType"/>

  <xs:complexType name="simservType">
    <xs:attribute name="active" type="xs:boolean"
                  use="optional" default="true"/>
    <xs:anyAttribute namespace="##any" processContents="lax"/>
  </xs:complexType>
</xs:schema>



6.4 Template for a PSTN/ISDN simulation service XML schema

PSTN/ISDN simulation services that implement XCAP operations to manipulate the data associated with their service shall
base their XML schema on the following template. Replace "ServiceName" with the name or acronym of the actual
service.

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:org:etsi:ngn:params:xml:ns:simservs"
    xmlns:ss="urn:org:etsi:ngn:params:xml:ns:simservs"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    elementFormDefault="qualified"
    attributeFormDefault="unqualified">

  <xs:include schemaLocation="simservs.xsd"/>

  <xs:element name="ServiceName" substitutionGroup="ss:absService">
    <xs:annotation>
      <xs:documentation>Template of a PSTN/ISDN Simulation
        Service XML Schema
      </xs:documentation>
    </xs:annotation>
    <!-- If the service needs to add children elements or attributes -->
    <!-- it can use the following complexType for such purpose -->
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="ss:simservType">
          <xs:sequence>
            <!-- service specific elements can be defined here -->
          </xs:sequence>
          <!-- service specific attributes can be defined here -->
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
</xs:schema>